1. INTRODUCTION

The size, number of users and complexity of organizational networks have grown rapidly in recent years. This enormous 
growth makes it very difficult to secure the network. Network security is the key problem in implementing and operating 
computer networking systems and services, as various types of attacks are growing day by day. The crucial question is how 
these computer network systems and services should be protected against malicious nodes that cause many issues within the 
network environment, including unavailability of services, data loss and loss of privacy in communications. Until properly 
protected, every network is susceptible to unintended and malicious use. Sensitive data, such as business secrets and personal 
records, may be disclosed by hackers, careless staff or poor security procedures inside the company. For example, the loss of 
confidential research could cost the company millions of dollars through the loss of a strategic advantage. When hackers 
intercept and sell consumer data for fraud, misleading advertising and public misconceptions about the organization are 
created. 


The majority of typical network attacks aim to gain access to information by eavesdropping on conversations and 
stealing user data rather than damaging the network itself. However, attackers can do more than steal files: they can 
destroy users' devices or manipulate systems to obtain physical access to facilities. This puts the property and the members 
of the organization at risk of harm. Competent network security processes protect data from external interference and 
block vulnerable systems, which enables users of the network to stay safe and focus on accomplishing the objectives of the 
organization. 
2. ACCESS-CONTROL LIST 

An access-control list (ACL) is a network filter used to permit and restrict data flows to and from network interfaces on 
network equipment such as firewalls, routers and switches. Where an access control list has been configured on an interface, 
the network device analyses the data flowing through that interface, compares it with the conditions specified in the list, and 
either allows the data to flow or forbids it. 


The primary reason for an access-control list is to provide a basic level of security for the network. ACLs are far less 
complex and easier to operate than stateful firewalls, which allows higher speeds on fast interfaces, although the level of 
security they provide is lower than that of a stateful firewall. They also limit the routes that network peers can exchange, 
which helps to define control over network traffic flow. 
Figure 1.1: Access Control Lists 

In the figure there are authorized clients, and also an unauthorized user whose access to the organization's network is 
denied. 

Types of ACL 

Access control lists can be approached in terms of two key categories: 

• Standard ACL 

An access list built only on the source IP address. Such access control lists block the entire protocol suite for a matching 
source: they do not distinguish between TCP, UDP or HTTPS traffic. They use the number ranges 1-99 or 1300-1999, which 
tell the router that the address in the list is to be matched against the IP source. 
Syntax: 
access-list [1-99] [permit | deny] [source address] [wildcard mask] 
• Extended ACL 

An access list that differentiates IP traffic, and the type most often used. It matches on IP addresses and port numbers at 
both the source and the destination, so you can state precisely which IP traffic is permitted or refused. The number ranges 
100-199 and 2000-2699 are used. 
Syntax: 
access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator] [port] 
There are two more types of ACL as well: 

• Named ACL 

Named access lists offer two advantages. First, for documentation purposes, a recognizable name can be given to an access 
list. Second, individual lines can be removed from a named access list, which is not possible with numbered access lists. 

• Numbered access list 

Once a numbered access list has been created, individual entries cannot be deleted from it: attempting to remove a single 
entry deletes the entire access list. Numbered access lists can be used for both standard and extended access lists. 
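As an added worked example, not code from the paper, the following Python evaluator applies the standard and extended ACL syntax above to constructed packets, showing wildcard-mask matching, first-match ordering and the implicit deny at the end of every list. It assumes explicit address/wildcard-mask pairs (no `any` or `host` keywords) and only the `eq` port operator.

```python
import ipaddress
from dataclasses import dataclass

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_ip, acl_ip, wildcard):
    # Wildcard mask: a 0 bit means "must match", a 1 bit means "don't care".
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(packet_ip) & care) == (ip_int(acl_ip) & care)

@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    src: str
    src_wc: str
    proto: str = "ip"           # extended lists only: "ip" (any), "tcp" or "udp"
    dst: str = "0.0.0.0"        # standard lists match any destination
    dst_wc: str = "255.255.255.255"
    port: "int | None" = None   # destination port, "eq" operator only

def parse_acl(lines):
    """Parse 'access-list N ...' lines; 1-99/1300-1999 standard, 100-199/2000-2699 extended."""
    entries = []
    for line in lines:
        t = line.split()
        num = int(t[1])
        if 1 <= num <= 99 or 1300 <= num <= 1999:
            entries.append(Entry(t[2], t[3], t[4]))
        elif 100 <= num <= 199 or 2000 <= num <= 2699:
            port = int(t[9]) if len(t) > 9 and t[8] == "eq" else None
            entries.append(Entry(t[2], t[4], t[5], t[3], t[6], t[7], port))
        else:
            raise ValueError(f"unknown ACL number {num}")
    return entries

def evaluate(entries, src, dst, proto="tcp", port=None):
    """First matching entry decides; no match falls to the implicit deny at the end."""
    for e in entries:
        if (wildcard_match(src, e.src, e.src_wc)
                and e.proto in ("ip", proto)
                and wildcard_match(dst, e.dst, e.dst_wc)
                and (e.port is None or e.port == port)):
            return e.action
    return "deny"   # implicit "deny all", not shown in the configuration

# Constructed sample list: block telnet to one host, permit the rest of the subnet.
SAMPLE_ACL = parse_acl([
    "access-list 101 deny tcp 10.0.0.0 0.0.0.255 192.168.1.10 0.0.0.0 eq 23",
    "access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255",
])
```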
3. NETWORK ADDRESS TRANSLATION (NAT) 

A decade ago few homes had more than one PC; today it is almost a necessity for many people to have two or three personal 
computers. At that time only a small share of home computer users subscribed to ADSL or Internet over cable, whereas now 
these broadband networks are increasingly subscribed to by users. 


With the extreme growth of the Internet and its associated networks in mind, the allocation of IP addresses is a major 
challenge. The shortage of IP addresses was initially a purely theoretical problem that would only arise in the far future. That 
future has arrived: the issue is no longer theoretical, it is happening right now. More and more people began to need 
permanent public IP addresses, which added to the trouble and required a fast solution. 


The solution came in the form of Network Address Translation (NAT) and Port Address Translation (PAT). A more robust 
and effective approach is an entirely new addressing system, IPv6, which uses 128-bit addresses instead of the 32-bit 
addresses of IPv4. 


Network Address Translation (NAT) is the process by which a network device, typically a router, assigns a public address 
to a computer (or group of computers) within a private network. NAT is used mostly to reduce the number of public IP 
addresses a business or entity must use, for reasons of cost, security and testing. NAT is a mechanism for modifying the 
source and destination IP addresses and ports of packets. Address translation reduces the need for public IPv4 addresses 
and hides the private address space of the network. It is normally performed by firewalls or routers. 
There are three types of NAT: 
• Static NAT 

Static NAT provides a one-to-one mapping between global and local addresses; therefore a dedicated public IP address 
must be assigned to each network device. 

• Dynamic NAT 

The router is equipped with a pool of routable IP addresses and assigns addresses from that pool to each computer that 
requires traffic to the "outside world". This kind of NAT requires good planning from the outset so that the pool of IP 
addresses is sufficient to meet the network's Internet requirements at peak traffic times. 
• PAT 

Port Address Translation is another, and the most common, version of NAT. It is also called NAT Overload because, by 
using different TCP or UDP port numbers, it maps several private IP addresses to only one registered IP address (the 
overloaded address). 
Because of security constraints, business organizations introduced two more types of NAT: 

• Private IP to Private IP NAT 

In this type of NAT one private IP address is mapped to another private IP address. This is done to protect the privacy of 
both networks; here NAT acts as a gateway between two private networks. 

• Identity NAT 

In identity NAT the real address is mapped to itself. This is done to make sure that only an authorized network can initiate 
communication with the other network. 
Figure 1.2: Access Control Lists 

In the above figure, to access the services in the data center the client-side IP address has to be changed to an 
organization-side IP address. 
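As an added example that is not part of the paper, the following Python toy models the PAT (NAT Overload) table described above: two private hosts that happen to use the same source port share one public address and are told apart only by the translated port, and an inbound packet with no table entry is dropped, which is the "first protection" NAT gives a private network. The class name, addresses and ports are constructed for illustration; real implementations reuse the original source port when it is free rather than allocating sequentially.

```python
class PatTranslator:
    """Toy PAT: many private (ip, port) pairs behind one public IP."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port   # next free translated source port
        self.out_table = {}           # (priv_ip, priv_port) -> public port
        self.in_table = {}            # public port -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside->outside packet to the public IP
        and a unique public port, creating the mapping on first use."""
        key = (src_ip, src_port)
        if key not in self.out_table:
            pub_port = self.next_port
            self.next_port += 1
            self.out_table[key] = pub_port
            self.in_table[pub_port] = key
        return (self.public_ip, self.out_table[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an outside->inside packet back to the
        private host. Returns None (drop) when no inside host initiated it."""
        if dst_ip != self.public_ip or dst_port not in self.in_table:
            return None
        priv_ip, priv_port = self.in_table[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    """Constructed scenario: two private hosts reach the same web server,
    the server's reply is routed back, and an unsolicited probe is dropped."""
    pat = PatTranslator("203.0.113.5")
    a = pat.translate_outbound("192.168.1.10", 50000, "198.51.100.20", 443)
    b = pat.translate_outbound("192.168.1.11", 50000, "198.51.100.20", 443)
    reply = pat.translate_inbound("198.51.100.20", 443, "203.0.113.5", a[1])
    unsolicited = pat.translate_inbound("198.51.100.99", 4444, "203.0.113.5", 2222)
    return a, b, reply, unsolicited
```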
4. PREVIOUS WORK 

IPv4 addresses will become exhausted because the address space is finite. There were two solutions to this problem: 

• Expanding the size of the address, which became IPv6. This was the long-term solution. 

• Introducing the NAT technique as a temporary solution. A smaller subset of IPv4, called private addresses, was formed; 
private addresses are not globally unique. 

Hence these private addresses were mapped to public addresses to communicate with the Internet. Simulation of NAT in 
organizations has shown that NAT eases network administration. 

With drastic network growth, ACLs become very important for monitoring traffic. Every packet a network device receives 
is evaluated against the rules applied on the device. Only if the criteria match is the packet allowed to flow; otherwise it is 
dropped. Deployment of ACLs is very important in an organizational network to monitor each and every flow. 
5. ROLE OF ACL AND NAT IN NETWORK SECURITY 

By default a network interface passes all traffic sent to it, with no constraints. An ACL is a mechanism that can be used to 
specify which node or IP address is granted access to the internal network, and vice versa for external networks. The access 
control function is performed at a lower OSI layer than a proxy gateway, which makes it less complicated. A packet-filtering 
gateway is also much faster than its proxy cousins. 
ACL permit and deny statements consist essentially of source and destination IP addresses and ports. 

A permit statement grants access to the specified destination IP address or network; a deny statement blocks it. The firewall 
inserts an implicit DENY ALL rule at the end of the ACL, which is not visible in the configuration by default. Once the ACL 
is applied and packets are filtered, only the permitted traffic passes to the other side of the network. 


NAT is the mapping of one IP address space to another IP address space. NAT can provide both security and privacy: 
since NAT translates data packets from one IP address to another, it also prevents outside access to a private interface. 
Network devices filter the data, making it harder for unintended traffic to get in. This is not foolproof, but it serves as a 
device's first line of protection. 


Consider ACL and NAT as the company's old mailroom. Parcels received at the company address are checked and the 
mailroom attaches the recipient's cube number for internal delivery, simply discarding packages that arrive without a valid 
recipient. Outbound packages travel through the mailroom to the corresponding postal carrier or shipper. For inbound and 
outbound packets, NAT performs a similar function. 


Now add a security element to the mailroom. Incoming packages pass through an X-ray system and a bomb-detection 
procedure, and their contents are reviewed to ensure they contain no harmful or forbidden objects. The return address can 
be inspected and the shipment blocked if it originates from a given address or location. After passing through security, the 
mailroom attaches the recipient's number for delivery. Outbound packages are still inspected as well: packages addressed 
to certain destinations, or containing any of the forbidden objects, are blocked and returned to the internal sender, and the 
sender's director receives a report on what was blocked and why. This is the function of a firewall for inbound and 
outbound packets. 


ACLs perform stateless checks: the access list examines each packet on its own and does not know what has happened 
before it. If an ACL checks a TCP packet with the ACK bit set, the ACL can only recognise that it is an acknowledgement 
packet. 
6. CONCLUSIONS 

Achieving security in an organizational network is very difficult. Configuring hardware devices accurately according to the 
security requirements is one of the prime components of maintaining a secure network. Advanced security policies exist 
today, but providing security at the basic level is still very important, because attacks can then be brought to light at the 
rudimentary level. To provide efficient network security for an organization there should be a firewall that blocks 
potentially harmful traffic, and network devices should be configured with ACLs in order to keep the traffic flow precise. 
NAT acts as a gateway between the inside and outside networks. 